Under the General Data Protection Regulations (GDPR), personal data processing is improved and strengthened. All Early Years and Childcare settings must follow guidance when processing personal data from parents about their child and family. Parents have the right to request deletion of personal data once they leave the setting, provided that deleting the material does not impact Ofsted or other legal regulations. Please refer to my data audit for retention dates of each document.
Data Required
The data I require to ensure compliance with GDPR and Ofsted requirements includes:
- Personal Information
- Parents’ names
- Child’s name
- Date of Birth
- Address/Addresses
- Contact Details
- Doctors and Health Visitors’ Names
- Parental Responsibility
- Medical Information
- Early Years Foundation Stage documents
Data Storage and Security
All information is paper-based and stored securely in a locked file within a secure cupboard, inaccessible to unauthorized persons. Information cannot be shared without parental permission unless it is a safeguarding concern.
Access and Retention
Parents may access any personal data held on their child or family. Data will be held securely until such time as deletion is requested, provided this does not compromise Ofsted, the Department for Education, the Local Authority, or HMRC. Data relating to safeguarding or accidents must be retained until the child reaches the age of 21 years and 3 months, as required by law.